Adding a new attributes, objects to represent resource relationships as a graph.

CHANGELOG.md

@@ -42,15 +42,20 @@ Thankyou! -->
 ## [Unreleased]
 
 ### Added
-* #### Dictionary Attributes
-  1. Added `boot_uid` as a `string_t`. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335)
-  1. Added `raw_data_size` as a `long_t`. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347)
-
+* #### Dictionary Attributes 
+    1. Added `boot_uid` as a `string_t`. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335)
+    1. Added `raw_data_size` as a `long_t`. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347)
+    1. Added `is_directed` as a `boolean_t`, `relation` as a `string_t`, `query_language` & `query_language_id` a sibling pair. #1343
+    1. Added `relationship_graph` of type `graph`, `nodes` of type `node`, `edges` of type `edge`. #1343
+* #### Objects
+    1. Added `node`, `edge`, `graph` objects. #1343
+
 ### Improved
 * #### Objects
-  1. Added `boot_uid` to `device` object. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335)
-  1. Relaxed constraint to provide `email_addr`, `phone_number`, or `security_questions` on `auth_factor`. [#1339](https://github.com/ocsf/ocsf-schema/pull/1339)
-  1. Added `raw_data_size` to `base_event` object. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347)
+    1. Added `boot_uid` to `device` object. [#1335](https://github.com/ocsf/ocsf-schema/pull/1335)
+    1. Relaxed constraint to provide `email_addr`, `phone_number`, or `security_questions` on `auth_factor`. [#1339](https://github.com/ocsf/ocsf-schema/pull/1339)
+    1. Added `raw_data_size` to `base_event` object. [#1347](https://github.com/ocsf/ocsf-schema/pull/1347)
+    1. Added `relationship_graph` to `resource_details` object. #1343
 
 ## [v1.4.0] - January 31st, 2025
 

dictionary.json

@@ -1987,6 +1987,12 @@
       "description": "Represents the duration of the activity in years. See specific usage.",
       "type": "integer_t"
     },
+    "edges": {
+      "caption": "Edges",
+      "description": "The list of edge objects that are part of the graph.",
+      "type": "edge",
+      "is_array": true
+    },
     "edition": {
       "caption": "OS Edition",
       "description": "The operating system edition. For example: <code>Professional</code>.",
@@ -2406,6 +2412,11 @@
       "description": "The given or first name of the user.",
       "type": "string_t"
     },
+    "graph": {
+      "caption": "Graph",
+      "description": "A graph data structure representation with nodes and edges.",
+      "type": "graph"
+    },
     "group": {
       "caption": "Group",
       "description": "The group object associated with an entity such as user, policy, or rule.",
@@ -2778,6 +2789,11 @@
       "description": "Indicates if the entity was deleted. See specific usage.",
       "type": "boolean_t"
     },
+    "is_directed": {
+      "caption": "Directed",
+      "description": "Indicates if the entity has directionality. See specific usage.",
+      "type": "boolean_t"
+    },
     "is_encrypted": {
       "caption": "Encrypted",
       "description": "Indicates if the entity was encrypted. See specific usage.",
@@ -3414,6 +3430,12 @@
       "type": "string_t",
       "is_array": true
     },
+    "nodes": {
+      "caption": "Nodes",
+      "description": "The list of node objects that are part of the graph.",
+      "type": "node",
+      "is_array": true
+    },
     "num_detections": {
       "caption": "Detections",
       "description": "The number of detections.",
@@ -4030,6 +4052,27 @@
       "description": "The query info object holds information related to data access within a datastore. To access, manipulate, delete, or retrieve data from a datastore, a database query must be written using a specific syntax.",
       "type": "query_info"
     },
+    "query_language": {
+      "caption": "Query Language",
+      "description": "The query language, normalized to the caption of the <code>query_language_id</code> value. See specific usage.",
+      "type": "string_t"
+    },
+    "query_language_id": {
+      "caption": "Query Language ID",
+      "description": "The normalized identifier of the query language. See specific usage.",
+      "sibling": "query_language",
+      "type": "integer_t",
+      "enum": {
+        "0": {
+          "caption": "Unknown",
+          "description": "The Query Language is unknown."
+        },
+        "99": {
+          "caption": "Other",
+          "description": "The Query Language is not mapped. See the <code>query_language</code> attribute, which contains a data source specific value."
+        }
+      }
+    },
     "query_result": {
       "caption": "Query Result",
       "description": "The result of the query.",
@@ -4203,11 +4246,21 @@
       "type": "string_t",
       "is_array": true
     },
+    "relation": {
+      "caption": "Relation",
+      "description": "The relationship between two entities. See specific usage.",
+      "type": "string_t"
+    },
     "relationship": {
       "caption": "Relationship",
       "description": "The relationship between two software components, normalized to the caption of the <code>relationship_id</code> value. In the case of 'Other', it is defined by the source.",
       "type": "string_t"
     },
+    "relationship_graph": {
+      "caption": "Relationship Graph",
+      "description": "Describes relationships between entities in a graph structure. See specific usage.",
+      "type": "graph"
+    },
     "relationship_id": {
       "caption": "Relationship ID",
       "description": "The normalized identifier of the relationship between two software components.",
@@ -4846,6 +4899,11 @@
       "type": "software_component",
       "is_array": true
     },
+    "source": {
+      "caption": "Source",
+      "description": "The source of the event or object. See specific usage.",
+      "type": "string_t"
+    },
     "sp_name": {
       "caption": "OS Service Pack",
       "description": "The name of the latest Service Pack.",
@@ -5166,6 +5224,11 @@
       "type": "key_value_object",
       "is_array": true
     },
+    "target": {
+      "caption": "Target",
+      "description": "The target of the event or object. See specific usage.",
+      "type": "string_t"
+    },
     "tcp_flags": {
       "caption": "TCP Flags",
       "description": "The network connection TCP header flags (i.e., control bits).",

objects/edge.json

@@ -0,0 +1,42 @@
+{
+  "caption": "edge",
+  "description": "Represents a connection or relationship between two nodes in a graph.",
+  "extends": "_entity",
+  "name": "edge",
+  "attributes": {
+    "data": {
+      "description": "Additional data about the edge such as weight, distance, or custom properties.",
+      "requirement": "optional"
+    },
+    "is_directed": {
+      "description": "Indicates whether the edge is (<code>true</code>) or undirected (<code>false</code>).",
+      "requirement": "optional"
+    },
+    "name": {
+      "description": "The human-readable name or label for the edge.",
+      "requirement": "recommended"
+    },
+    "relation": {
+      "description": "The type of relationship between nodes (e.g. is-attached-to , depends-on, etc).",
+      "requirement": "recommended"
+    },
+    "source": {
+      "description": "The unique identifier of the node where the edge originates.",
+      "requirement": "required"
+    },
+    "target": {
+      "description": "The unique identifier of the node where the edge terminates.",
+      "requirement": "required"
+    },
+    "uid": {
+      "description": "Unique identifier of the edge.",
+      "requirement": "recommended"
+    }
+  },
+  "references": [
+    {
+      "description": "JSON graph specification.",
+      "url": "https://github.com/jsongraph/json-graph-specification/"
+    }
+  ]
+}

objects/graph.json

@@ -0,0 +1,78 @@
+{
+  "caption": "Graph",
+  "description": "A graph data structure representation with nodes and edges.",
+  "extends": "_entity",
+  "name": "graph",
+  "attributes": {
+    "desc": {
+      "description": "The graph description - provides additional details about the graph's purpose and contents.",
+      "requirement": "optional"
+    },
+    "edges": {
+      "description": "The edges/connections between nodes in the graph - contains the collection of <code>edge</code> objects defining relationships between nodes.",
+      "requirement": "optional"
+    },
+    "is_directed": {
+      "description": "Indicates if the graph is directed (<code>true</code>) or undirected (<code>false</code>).",
+      "requirement": "optional"
+    },
+    "name": {
+      "description": "The graph name - a human readable identifier for the graph."
+    },
+    "nodes": {
+      "description": "The nodes/vertices of the graph - contains the collection of <code>node</code> objects that make up the graph.",
+      "requirement": "required"
+    },
+    "query_language": {
+      "description": "The graph query language, normalized to the caption of the <code>query_language_id</code> value.",
+      "requirement": "optional"
+    },
+    "query_language_id": {
+      "description": "The normalized identifier of a graph query language that can be used to interact with the graph.",
+      "requirement": "recommended",
+      "enum": {
+        "1": {
+          "caption": "Cypher",
+          "description": "A declarative graph query language developed by Neo4j that allows for expressive and efficient querying of graph databases"
+        },
+        "2": {
+          "caption": "GraphQL",
+          "description": "A query language for APIs that enables declarative data fetching and provides a complete description of the data in the API"
+        },
+        "3": {
+          "caption": "Gremlin",
+          "description": "A graph traversal language and virtual machine developed by Apache TinkerPop that enables graph computing across different graph databases"
+        },
+        "4": {
+          "caption": "GQL",
+          "description": "An ISO standard graph query language designed to provide a unified way to query graph databases"
+        },
+        "5": {
+          "caption": "G-CORE",
+          "description": "A graph query language that combines features from existing languages while adding support for paths as first-class citizens"
+        },
+        "6": {
+          "caption": "PGQL",
+          "description": "Property Graph Query Language developed by Oracle that provides SQL-like syntax for querying property graphs"
+        },
+        "7": {
+          "caption": "SPARQL",
+          "description": "A semantic query language for databases that enables querying and manipulating data stored in RDF format"
+        }
+      }
+    },
+    "type": {
+      "description": "The graph type - indicates if this is a complete, connected, cyclic, acyclic, null or other type of graph.",
+      "requirement": "optional"
+    },
+    "uid": {
+      "description": "Unique identifier of the graph - a unique ID to reference this specific graph."
+    }
+  },
+  "references": [
+    {
+      "description": "JSON graph specification.",
+      "url": "https://github.com/jsongraph/json-graph-specification/"
+    }
+  ]
+}

objects/node.json

@@ -0,0 +1,34 @@
+{
+  "caption": "Node",
+  "description": "Represents a node or a vertex in a graph structure.",
+  "extends": "object",
+  "name": "node",
+  "attributes": {
+    "data": {
+      "description": "Additional data about the node stored as key-value pairs. Can include custom properties specific to the node.",
+      "requirement": "optional"
+    },
+    "desc": {
+      "description": "A human-readable description of the node's purpose or meaning in the graph.",
+      "requirement": "optional"
+    },
+    "name": {
+      "description": "A human-readable name or label for the node. Should be descriptive and unique within the graph context.",
+      "requirement": "recommended"
+    },
+    "type": {
+      "description": "Categorizes the node into a specific class or type. Useful for grouping and filtering nodes.",
+      "requirement": "optional"
+    },
+    "uid": {
+      "description": "A unique string or numeric identifier that distinguishes this node from all others in the graph. Must be unique across all nodes.",
+      "requirement": "required"
+    }
+  },
+  "references": [
+    {
+      "description": "JSON graph specification.",
+      "url": "https://github.com/jsongraph/json-graph-specification/"
+    }
+  ]
+}

objects/resource_details.json

@@ -44,6 +44,11 @@
       "profile": "cloud",
       "requirement": "optional"
     },
+    "relationship_graph": {
+      "caption": "Resource Relationship Graph",
+      "description": "A graph representation showing how this resource relates to and interacts with other resources in the environment. This can include parent/child relationships, dependencies, or other connections.",
+      "requirement": "optional"
+    },
     "version": {
       "description": "The version of the resource. For example <code>1.2.3</code>.",
       "requirement": "optional"